Submissions

No  Date  Request  Urls  Hosts  IDS  Rule  Score  Zero  VT  Player  Etc

Column key for the flattened records below. Each record is four lines: the submission number, date/time and requested filename; the sample's MD5; the sandbox Rule (signature) tags; and the remaining columns in header order. Empty cells are omitted in this export, so a trailer such as `2.0 M 58 ZeroCERT` carries no Urls/Hosts/IDS counts and reads Score 2.0, Zero M, VT 58, Player ZeroCERT, while `1 4 1 5.2 6 ZeroCERT` reads Urls 1, Hosts 4, IDS 1, Score 5.2, VT 6. Zero is the verdict flag (shown as M when set), VT the VirusTotal hit count, Player the submitting account; Etc is empty throughout. Where a trailer carries only one or two counts, which of Urls/Hosts/IDS they belong to cannot be recovered from this export.
13966  2023-04-10 09:34  clip64.dll
  73df88d68a4f5e066784d462788cf695
  UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE32 PE File VirusTotal Malware PDB Checks debugger unpack itself
  2.0 M 58 ZeroCERT

13967  2023-04-10 09:33  tk.txt.ps1
  6f9f7f9061fbf67cfafb13d02796231e
  Generic Malware Antivirus VirusTotal Malware powershell Malicious Traffic Check memory WMI ICMP traffic unpack itself Check virtual network interfaces Tofsee Windows ComputerName Cryptographic key
  1 4 1 5.2 6 ZeroCERT

13968  2023-04-10 09:33  oneetx.exe
  6809ca52cdc1bfffe3496efd3e2409b5
  Malicious Library PE32 PE File VirusTotal Malware PDB unpack itself
  2.2 M 55 ZeroCERT

13969  2023-04-10 09:32  fotocr17.exe
  5227881f0c4282a39a83b797a0299392
  Gen1 Emotet UPX Malicious Library CAB PE32 PE File PDB Remote Code Execution
  0.8 M ZeroCERT

13970  2023-04-10 09:32  clip64.dll
  940af61872686e1bf02772033d5c544d
  UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE32 PE File VirusTotal Malware PDB Checks debugger unpack itself
  2.0 M 61 ZeroCERT

13971  2023-04-10 09:31  foto0154.exe
  3565091a7c8d8606dd54a6d9a28de337
  Gen1 Emotet UPX Malicious Library CAB PE32 PE File Browser Info Stealer FTP Client Info Stealer AutoRuns PDB suspicious privilege Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
  2 8.2 M ZeroCERT

13972  2023-04-10 09:31  photo_112.exe
  a67bb51b119a575bc5fbac95df8429c7
  Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE32 PE File OS Processor Check DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
  2 2 6 15.4 M ZeroCERT

13973  2023-04-10 09:30  foto0154.exe
  1fdd7be5eb45c613ba6239edb83ab7ea
  Gen1 Emotet UPX Malicious Library CAB PE32 PE File Browser Info Stealer FTP Client Info Stealer AutoRuns PDB suspicious privilege Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
  1 8.2 M ZeroCERT

13974  2023-04-10 09:27  clip64.dll
  4061d8dd5006b99d06fa208c0063dfcf
  UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE32 PE File VirusTotal Malware PDB Checks debugger unpack itself
  2.0 M 61 ZeroCERT

13975  2023-04-10 09:27  1.exe
  c6d83d1d068d0a0e1bb9e38d6946402a
  UPX Malicious Library OS Processor Check PE32 PE File unpack itself Remote Code Execution DNS
  1 1.6 ZeroCERT

13976  2023-04-10 09:10  Updater.exe
  6fa2a8de3fc30b9c80d12c2ac4ad2e3f
  PE64 PE File VirusTotal Cryptocurrency Miner Malware Cryptocurrency DNS CoinMiner
  4 2 1.6 M 51 ZeroCERT

13977  2023-04-08 07:00  VoiceControlEngine.exe
  aa57f0d7a099773175006624cc891b29
  PWS .NET framework RAT Generic Malware UPX Antivirus HTTP Http API Internet API AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process AppData folder Windows ComputerName Cryptographic key crashed
  12.6 M 37 guest

13978  2023-04-08 06:57  FreeWMAToMP3Converter.exe
  b4d654755e5fb496138ed0e9c4121e84
  Emotet Gen1 UPX Malicious Library Malicious Packer AntiDebug AntiVM MZP Format PE32 PE File PNG Format DLL PE64 OS Processor Check MSOffice File GIF Format JPEG Format Code Injection Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities AppData folder AntiVM_Disk VM Disk Size Check Tofsee Windows ComputerName
  1 2 2 5.4 guest

13979  2023-04-08 06:56  FreeWMAToMP3Converter.exe
  b4d654755e5fb496138ed0e9c4121e84
  Emotet Gen1 UPX Malicious Library Malicious Packer AntiDebug AntiVM MZP Format PE32 PE File MSOffice File PNG Format DLL PE64 OS Processor Check GIF Format JPEG Format Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder AntiVM_Disk VM Disk Size Check Tofsee Windows Exploit ComputerName DNS crashed
  1 2 2 7.0 guest

13980  2023-04-08 06:55  FreeWMAToMP3Converter.exe
  b4d654755e5fb496138ed0e9c4121e84
  Emotet Gen1 UPX Malicious Library Malicious Packer AntiDebug AntiVM MZP Format PE32 PE File PNG Format DLL PE64 GIF Format OS Processor Check MSOffice File JPEG Format Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder AntiVM_Disk VM Disk Size Check Tofsee Windows Exploit ComputerName DNS crashed
  1 2 2 7.4 guest
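The listing is a flat text export, and two things in it matter for triage but are easy to miss when reading by filename: clip64.dll arrives under three different MD5s, and one MD5 (FreeWMAToMP3Converter.exe) was run three times with a different dynamic score each run. The following parser is an added example, not code from the sandbox or from this page. It assumes the four-line record layout used above (record line, MD5, rule tags, trailer with empty cells omitted), that the score is the only trailer token containing a decimal point, and that only a full set of three counts can be attributed to Urls/Hosts/IDS. The sample records are copied from the listing; the helper names are my own.

```python
import re
from collections import defaultdict

# Constructed sample: eight records copied from the listing above, in its flat
# export layout (record line, MD5, rule tags, trailer). Blank lines are optional.
SAMPLE = """\
13966 2023-04-10 09:34 clip64.dll
73df88d68a4f5e066784d462788cf695
UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE32 PE File VirusTotal Malware PDB Checks debugger unpack itself
2.0 M 58 ZeroCERT

13967 2023-04-10 09:33 tk.txt.ps1
6f9f7f9061fbf67cfafb13d02796231e
Generic Malware Antivirus VirusTotal Malware powershell Malicious Traffic Check memory WMI ICMP traffic unpack itself Check virtual network interfaces Tofsee Windows ComputerName Cryptographic key
1 4 1 5.2 6 ZeroCERT
13970 2023-04-10 09:32 clip64.dll
940af61872686e1bf02772033d5c544d
UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE32 PE File VirusTotal Malware PDB Checks debugger unpack itself
2.0 M 61 ZeroCERT
13974 2023-04-10 09:27 clip64.dll
4061d8dd5006b99d06fa208c0063dfcf
UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE32 PE File VirusTotal Malware PDB Checks debugger unpack itself
2.0 M 61 ZeroCERT
13975 2023-04-10 09:27 1.exe
c6d83d1d068d0a0e1bb9e38d6946402a
UPX Malicious Library OS Processor Check PE32 PE File unpack itself Remote Code Execution DNS
1 1.6 ZeroCERT
13976 2023-04-10 09:10 Updater.exe
6fa2a8de3fc30b9c80d12c2ac4ad2e3f
PE64 PE File VirusTotal Cryptocurrency Miner Malware Cryptocurrency DNS CoinMiner
4 2 1.6 M 51 ZeroCERT
13978 2023-04-08 06:57 FreeWMAToMP3Converter.exe
b4d654755e5fb496138ed0e9c4121e84
Emotet Gen1 UPX Malicious Library Malicious Packer AntiDebug AntiVM MZP Format PE32 PE File PNG Format DLL PE64 OS Processor Check MSOffice File GIF Format JPEG Format Code Injection Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities AppData folder AntiVM_Disk VM Disk Size Check Tofsee Windows ComputerName
1 2 2 5.4 guest
13979 2023-04-08 06:56 FreeWMAToMP3Converter.exe
b4d654755e5fb496138ed0e9c4121e84
Emotet Gen1 UPX Malicious Library Malicious Packer AntiDebug AntiVM MZP Format PE32 PE File MSOffice File PNG Format DLL PE64 OS Processor Check GIF Format JPEG Format Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder AntiVM_Disk VM Disk Size Check Tofsee Windows Exploit ComputerName DNS crashed
1 2 2 7.0 guest
"""

RECORD_RE = re.compile(r"^(\d+)\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\S+)$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def parse_trailer(trailer):
    """Split the trailer line into columns, reading from the right because empty
    cells are omitted: last token is Player; right of the score an integer is
    the VT hit count and an 'M' the Zero flag; the score is assumed to be the
    only token with a decimal point; tokens left of it are Urls/Hosts/IDS counts
    in header order, attributable only when all three are present."""
    toks = trailer.split()
    player = toks.pop()
    try:
        score_idx = next(i for i, t in enumerate(toks) if "." in t)
    except StopIteration:
        raise ValueError(f"no score in trailer: {trailer!r}") from None
    score = float(toks[score_idx])
    zero = vt = None
    for tok in toks[score_idx + 1:]:
        if tok == "M":
            zero = "M"
        else:
            vt = int(tok)
    counts = [int(t) for t in toks[:score_idx]]
    urls = hosts = ids = None
    if len(counts) == 3:
        urls, hosts, ids = counts
    return {"counts": counts, "urls": urls, "hosts": hosts, "ids": ids,
            "score": score, "zero": zero, "vt": vt, "player": player}


def parse_listing(text):
    """One dict per record; header and blank lines are skipped, an MD5 line that
    does not look like an MD5 is rejected rather than silently mis-aligned."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    records, i = [], 0
    while i < len(lines):
        m = RECORD_RE.match(lines[i])
        if not m:
            i += 1
            continue
        no, stamp, request = m.groups()
        md5, rules, trailer = lines[i + 1:i + 4]
        if not MD5_RE.match(md5):
            raise ValueError(f"record {no}: expected MD5, got {md5!r}")
        records.append({"no": int(no), "date": stamp, "request": request,
                        "md5": md5, "rules": rules, **parse_trailer(trailer)})
        i += 4
    return records


def same_name_different_hashes(records):
    """Filenames seen under more than one MD5: the name is not an identifier."""
    by_name = defaultdict(set)
    for r in records:
        by_name[r["request"]].add(r["md5"])
    return {name: sorted(h) for name, h in by_name.items() if len(h) > 1}


def rerun_score_spread(records):
    """MD5s submitted more than once whose dynamic score differed between runs."""
    by_md5 = defaultdict(list)
    for r in records:
        by_md5[r["md5"]].append(r["score"])
    return {md5: (min(s), max(s)) for md5, s in by_md5.items()
            if len(s) > 1 and min(s) != max(s)}


if __name__ == "__main__":
    recs = parse_listing(SAMPLE)
    for r in recs:
        print(r["no"], r["request"], r["md5"], r["score"], r["zero"], r["vt"])
    print("same name, different hash:", same_name_different_hashes(recs))
    print("score spread on rerun:", rerun_score_spread(recs))
```

Key on the MD5 when pivoting from this listing to blocklists or hunting; a filename match such as clip64.dll tells you nothing about which of the three samples you hold, and a score that moves between reruns of the same hash is a property of the sandbox run, not of the file.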